EXETER, LUZERNE COUNTY (WBRE/WYOU-TV) – Cyber attacks are on the rise around the world and our region is not immune to those attacks.
The I-Team looked into the problem in a special report called “Paying the Price.”
The FBI and other federal law enforcement agencies estimate that ransomware attacks bring in tens of billions of dollars each year for computer hackers.
Some of those hackers operate what amounts to a cyber attack business.
They hack into a computer system and will not free up that data unless the target pays up.
Local school districts are paying attention and are willing to “pay the price” to free up their data.
“It pretty much shut us down at that moment in time,”
So says Janet Serino, the Superintendent of the Wyoming Area School District. The district was targeted by cyber attackers in July of 2019.
“Everybody was panicking because even though it was in July we needed to be up and running for school because we use our technology for a lot,” said Janet Serino.
The district’s technology director learned that the ransomware attack was made on an employee computer being used away from campus.
“Fortunately with having cyber insurance we were able to make contact with them and they were able to come in and help him do some forensic work to find out how it happened and how much was actually affected,” said Serino.
The hackers demanded $38,000 to free up the district’s data.
They first sent codes to the district to show it was indeed in control of the district’s information.
Only then did Wyoming Area officials agree to pay the ransom.
The district had to pay a $10,000 deductible. The insurance policy covered the rest of the ransom payment.
“I think sometimes people would say why would you pay it? Well because we need what we need to operate.”
The cyber attack on Wyoming Area caught the attention of officials in the Hazleton Area School District.
“We are attacked every single day whether they are direct attacks or through emails,” said Dr. Kenneth Briggs, Hazleton Area School District of Technology.
The district recently purchased its cyber insurance policy.
“There are several things we can do to hamper things to slow it down one of the is to have good firewalls,” said Briggs.
Cyber insurance premiums as with other types of insurance vary based on the extent of coverage.
For example, the coverage could include paying for a negotiator who would deal with the cyber attackers.
Hazleton area pays just over $7,200 dollars per year for it’s coverage.
They asked us not to report the amount of coverage protection fearing it could attract ransomware attacks.
“This is certainly above and beyond the normal capacity of a school district.. We should be hitting the ground running and educating our students and not worrying about attacks from the outside,” said Brian Uplinger, Superintendent, Hazleton Area School District.
Cyber attacks are growing exponentially, “2019 was a huge increase in the number of successful ransomware attacks and the amount of ransom demands greatly increased throughout the year.”
Data released by Emsisoft Corporation which specializes in computer system security shows:
• 103 federal, state and local governments
• 759 health care providers
• 86 universities, colleges and school districts
Brett Callow is a threat analyst for Emsisoft,
“Around 98 percent of ransomware attacks succeed through malicious emails attachments through insecure remote access installs. Paying attention to these things and locking them down significantly reduces the number of successful attacks,” said Brett Callow.
Callow says cyber insurance is a double edged sword.
“Insurance takes the onus off the organization. Money is no longer coming from their own pockets so there may be money to pay the ransom demands otherwise they would be. Of course that makes ransomware more profitable than otherwise it would be thus creating more attacks.”
The ransom is paid for with the use of a internet currency known as bitcoins which is virtually impossible to trace and as a result few of these ransomware attackers are ever arrested, many of them operate out of the United States.
The FBI discourages paying any type of cyber ransom saying it only encourages future cyber extortion.